Security

User-defined regular expression properties

Incompatible Changes

local($_) will strip all magic from $_

local() on scalar variables will give them a new value, but keep all their magic intact. This has proven to be problematic for the default scalar variable $_, where perlsub recommends that any subroutine that assigns to $_ should localize it first. This would throw an exception if $_ is aliased to a read-only variable, and could have various unintentional side-effects in general.

Therefore, as an exception to the general rule, local($_) will not only assign a new value to $_, but also remove all existing magic from it as well.
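The case described above, as an added example that is not part of the original perldelta: a helper that localizes $_ as perlsub recommends, called while $_ is aliased to read-only literals. The helper name squeeze and the sample strings are constructed for illustration. With this change the helper returns normally; before it, per the text above, the local would throw.

```perl
# Added example, not from the perldelta.
use strict;
use warnings;

# Hypothetical helper that follows the perlsub advice: localize $_ before
# assigning to it, so the caller's $_ is left untouched.
sub squeeze {
    my ($text) = @_;
    local $_ = $text;          # this is the statement affected by the change
    s/\A\s+|\s+\z//g;          # trim both ends
    s/\s+/ /g;                 # collapse inner whitespace
    return $_;
}

# Call the helper while $_ is aliased to read-only string literals.
sub run_demo {
    my @results;
    for ('alpha', 'beta') {
        my $r = eval { squeeze("  $_   entry ") };
        if (defined $r) {
            push @results, "$_ -> '$r'";
        }
        else {
            chomp(my $err = $@);
            push @results, "$_ -> died: $err";
        }
    }
    return @results;
}

print "$_\n" for run_demo();
```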

Passing references to warn()

An earlier Perl 5.13.x release changed warn($ref) to leave the reference unchanged, allowing $SIG{__WARN__} handlers to access the original reference. But this stopped warnings that were references from having the file and line number appended even when there was no $SIG{__WARN__} handler in place.

Now warn checks for the presence of such a handler and, if there is none, proceeds to stringify the reference and append the file and line number. This allows simple uses of warn for debugging to continue to work as they did before.

fork() emulation will not wait for signalled children

On Windows, parent processes would not terminate until all forked children had terminated first. However, kill('KILL', ...) is inherently unstable on pseudo-processes, and kill('TERM', ...) might not get delivered if the child is blocked in a system call.

To avoid the deadlock and still provide a safe mechanism to terminate the hosting process, Perl will now no longer wait for children that have been sent a SIGTERM signal. It is up to the parent process to waitpid() for these children if child clean-up processing must be allowed to finish. However, it is also the responsibility of the parent then to avoid the deadlock by making sure the child process can't be blocked on I/O either.

See perlfork for more information about the fork() emulation on Windows.

Perl source code is read in text mode on Windows

Perl scripts used to be read in binary mode on Windows for the benefit of the ByteLoader module (which is no longer part of core Perl). This had the side effect of breaking various operations on the DATA filehandle, including seek()/tell(), and even simply reading from DATA after file handles have been flushed by a call to system(), backticks, fork() etc.

The default build options for Windows have been changed to read Perl source code on Windows in text mode now. Hopefully ByteLoader will be updated on CPAN to automatically handle this situation.

Performance Enhancements

An earlier optimisation to speed up my @array = ... and my %hash = ... assignments caused a bug and was disabled in Perl 5.12.0.

Now we have found another way to speed up these assignments [perl #82110].

Modules and Pragmata

Updated Modules and Pragmata

attributes has been upgraded from version 0.13 to 0.14.

base has been upgraded from version 2.15 to 2.16.

CPAN has been upgraded from version 1.94_65 to 1.9600.

CPANPLUS has been upgraded from version 0.9101 to 0.9103.

CPANPLUS::Dist::Build has been upgraded from version 0.52 to 0.54.

Cwd has been downgraded from version 3.37 to 3.36.

An optimisation that recent core changes have rendered unnecessary has been reverted.

Devel::DProf has been upgraded from version 20110225.01 to 20110228.00.

Testing

Many of the tests have been refactored to use testing libraries more consistently. In some cases test files were created or deleted:

The tests for split /\s/ and Unicode have been moved from t/op/split.t to the new t/op/split_unicode.t.

t/re/re.t has been moved to ext/re/t/re_funcs_u.t.

The tests for [perl #72922] have been moved from t/re/qr.t to the new t/re/qr-72922.t.

t/re/reg_unsafe.t has been deleted and its only test moved to t/re/pat_advanced.t.

Selected Bug Fixes

A fix for a bug in length(undef) in 5.13.4 introduced a regression that meant print length undef did not warn when warnings were enabled. It now correctly warns [perl #85508].

The (?|...) regular expression construct no longer crashes if the final branch has more sets of capturing parentheses than any other branch. This was fixed in Perl 5.10.1 for the case of a single branch, but that fix did not take multiple branches into account [perl #84746].

Accessing an element of a package array with a hard-coded number (as opposed to an arbitrary expression) would crash if the array did not exist. Usually the array would be autovivified during compilation, but typeglob manipulation could remove it, as in these two cases which used to crash:

*d = *a; print $d[0];
undef *d; print $d[0];

#line directives in string evals were not properly updating the arrays of lines of code (@{"_<..."}) that the debugger (or any debugging or profiling module) uses. In threaded builds, they were not being updated at all. In non-threaded builds, the line number was ignored, so any change to the existing line number would cause the lines to be misnumbered [perl #79442].

$AUTOLOAD used to remain tainted forever if it ever became tainted. Now it is correctly untainted if an autoloaded method is called and the method name was not tainted.

A bug has been fixed in the implementation of {...} quantifiers in regular expressions that prevented the code block in /((\w+)(?{ print $2 })){2}/ from seeing the $2 sometimes [perl #84294].

sprintf now dies when passed a tainted scalar for the format. It did already die for arbitrary expressions, but not for simple scalars [perl #82250].

DESTROY methods of objects implementing ties are no longer able to crash by accessing the tied variable through a weak reference [perl #86328].

On Windows, calling kill(9, $child) on a pseudo-process created by the fork() emulation is inherently unstable. It can also be responsible for overriding the parent process exit code with a value of '9' if the parent terminates right after killing the child. This condition will now happen a lot less often than before.

Ensure that the exists &Errno::EFOO idiom continues to work as documented.

A change post-5.12 caused the documented idiom not to work if Errno was loaded after the exists code had been compiled, as the compiler implicitly creates typeglobs in the Errno symbol table when it builds the optree for the exists code.
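The sprintf taint fix listed above [perl #82250], as an added example that is not part of the original perldelta: it contrasts a tainted format (as an expression and as a plain scalar) with the safer pattern of a constant format and tainted arguments. The helper name attempt and the sample strings are constructed for illustration; run it as perl -T so taint mode is active.

```perl
#!/usr/bin/perl -T
# Added example, not from the perldelta. Run as: perl -T taint_sprintf.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed inputs. A zero-length slice of $^X is tainted under -T, so
# appending it marks a string the way externally supplied data would be.
my $taint    = substr($^X, 0, 0);
my $ext_fmt  = 'user=%s id=%d' . $taint;   # stands in for an external format
my $ext_name = 'alice' . $taint;           # stands in for external data

# Run a block; report its result and taint status, or the exception text.
sub attempt {
    my ($label, $code) = @_;
    my $out = eval { $code->() };
    if (defined $out) {
        printf "%-28s ok   tainted=%d  %s\n",
            $label, tainted($out) ? 1 : 0, $out;
    }
    else {
        (my $err = $@) =~ s/ at .*//s;     # drop file and line for display
        printf "%-28s died %s\n", $label, $err;
    }
    return defined $out;
}

# Tainted format built by an expression: already refused before this fix.
attempt('tainted expression format',
    sub { sprintf($ext_fmt . '', 'alice', 7) });

# Tainted format held in a plain scalar: refused as of this fix.
attempt('tainted scalar format',
    sub { sprintf($ext_fmt, 'alice', 7) });

# Constant format with a tainted argument: allowed, result stays tainted.
attempt('constant format, tainted arg',
    sub { sprintf('user=%s id=%d', $ext_name, 7) });
```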

Acknowledgements

Perl 5.13.11 represents approximately one month of development since Perl 5.13.10 and contains approximately 80,000 lines of changes across 549 files from 31 authors and committers:

Reporting Bugs

If you find what you think is a bug, you might check the articles recently posted to the comp.lang.perl.misc newsgroup and the perl bug database at http://rt.perl.org/perlbug/ . There may also be information at http://www.perl.org/ , the Perl Home Page.

If you believe you have an unreported bug, please run the perlbug program included with your release. Be sure to trim your bug down to a tiny but sufficient test case. Your bug report, along with the output of perl -V, will be sent off to perlbug@perl.org to be analysed by the Perl porting team.

If the bug you are reporting has security implications, which make it inappropriate to send to a publicly archived mailing list, then please send it to perl5-security-report@perl.org. This points to a closed subscription unarchived mailing list, which includes all the core committers, who will be able to help assess the impact of issues, figure out a resolution, and help co-ordinate the release of patches to mitigate or fix the problem across all platforms on which Perl is supported. Please only use this address for security issues in the Perl core, not for modules independently distributed on CPAN.

SEE ALSO

The Changes file for an explanation of how to view exhaustive details on what changed.

The INSTALL file for how to build Perl.

The README file for general stuff.

The Artistic and Copying files for copyright information.
